Guest post By Anna Collard
The statistic comes from the Tessian Back to Work Security Behaviors Report, which also found an age discrepancy when it came to who practised the best work security from home.
Around 51% of 16–24-year-olds and 46% of 25–34-year-olds reported that they used security workarounds, while two in five people said that the security behaviours they adopted at home were very different from those they used in the office.
This draws a thick red marker around the need to ensure that people and security training remain a priority while offices continue with hybrid ways of working.
People adopt different behaviours at home as a rule. It is home, after all. There has to be a solid mental shift now that the home has become the office, and this shift involves making sure that the same security checkboxes that were ticked at the office are also ticked at home.
This is even more important because cybercriminals are taking advantage of system and employee vulnerabilities right now, and are really going on the offensive.
Now is the right time to implement policies and approaches that take hybrid workplaces and requirements into account. The survey mentioned above also found that 67% of IT decision-makers believe that phishing emails will increase as people move back to the office.
And there is a discrepancy between how IT sees security when office work returns and how employees see it. Only 57% of employees think that they will follow security protocols once back in the office compared with 70% of IT professionals.
Cybercriminals have cottoned on to the fact that people will move back into the office with a slightly less than robust approach to security.
They will forget to report mistakes, potentially open up new avenues of risk to the business or get caught by the tide of phishing emails that have become rampant over the past few months.
People are people. The pandemic has been punishing. Implementing further punishments for making simple cybersecurity mistakes will only make things worse.
What’s needed is a focus on training and positive reinforcement that reminds people of why work security is important, and how to keep their side clean.
This means training that puts them in front of simulated ransomware or phishing emails, teaches them security best practices and rewards those who do well. This should be done consistently and in a way that engages with people in the limited time they have.
By giving your people the tools they need to combat work security threats and recognize risks, you are empowering them and adding that extra layer of security to your business.
Methodical and repeated simulations combined with training allow IT teams to trust in their people, and employees to remain aware of the threat actors that wait for them to make the simplest of mistakes.
This is the best way to help your business remain ahead of security best practices and for your people to thwart social engineering attacks.
Anna Collard is a Content Strategy & Evangelist at KnowBe4 AFRICA, the provider of the world’s largest security awareness training and simulated phishing platform, which is used by more than 39,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO Fraud, and other social engineering tactics through a new-school approach to awareness training on security.